Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

Cisco Cloud Networking NDA Discussion Han Yang

advertisement 
Cisco Cloud
Networking
Han Yang
Product Manager, Data Center Group
May, 2013
NDA Discussion
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
1
PHYSICAL
WORKLOAD
•  One app per Server
•  Static
•  Manual provisioning
VIRTUAL
WORKLOAD
•  Many apps per Server
•  Mobile
•  Dynamic provisioning
HYPERVISOR
CLOUD
WORKLOAD
•  Multi-tenant per Server
•  Elastic
•  Automated Scaling
VDC-1
VDC-2
CONSISTENCY: Policy, Features, Security, Management, Separation of Duties
Nexus 7K/5K/3K/2K
Nexus 1000V, VM-FEX
Routing
ASR, ISR
Cloud Services Router (CSR 1000V)
Services
WAAS, ASA, NAM
vWAAS, VSG, ASA 1000V, vNAM**
Compute
UCS for Bare Metal
UCS for Virtualized Workloads
Switching
© 2010 Cisco and/or its affiliates. All rights reserved.
** 1H 2013
Cisco Confidential
2
Cloud Network Services
Virtualized/Cloud
Data Center
WAN Switches
Router
Imperva
SecureSphere
Cloud
WAF
Services
Citrix
Servers
Router
1000V
NetScaler
VPX
vWAAS
Network
Analysis
Module
(vNAM)
ASA
1000V
Cloud
Firewall
Cisco
Virtual
Security
Gateway
Tenant A
Zone A
Zone B
Physical
Infrastructure
vPath
Nexus 1000V
VXLAN
Multi-Hypervisor (VMware, Microsoft*, RedHat*, Citrix*)
Nexus 1000V
•  Distributed switch
•  NX-OS
consistency
7000+ Customers
(on VMW)
VSG
•  VM-level
controls
•  Zone-based
FW
Shipping (on VMW)
© 2010 Cisco and/or its affiliates. All rights reserved.
ASA 1000V
•  Edge firewall,
VPN
•  Protocol
Inspection
Shipping (on VMW)
vWAAS
•  WAN
optimization
CSR 1000V
Ecosystem
•  WAN L3 gateway
•  Citrix NetScaler
(Cloud Router)
•  Routing and VPN
•  Application
Cisco-Citrix Alliance Webinar: - Oct 22, 2012 (Webinar, PPT)
Imperva WAF update: June 5th, 2012 (Email Annoucement, Imperva FAQ)
VPX virtual ADC
•  Imperva Web
traffic
Shipping (on VMW)
Services
App. Firewall
Shiping
vNAM: Q2 CY13
2013
Cisco Confidential
3
Virtual Overlay Networks
Example: Virtual Overlay Networks and Services with Nexus 1000V
• 
Scalable Multi-tenancy
Tens of thousands of virtual ports, L2 networks
OpenStack
Quantum API
Hundreds of Servers
REST API
Scalable segmentation: VXLAN
• 
Nexus 1000V
Common APIs
Incl. OpenStack Quantum API’s
for cloud automation/orchestration
• 
VXLAN
Gateway
ASA 1KV
Virtual Services
VSG
CSR 1000V (cloud router)
• 
vWAAS
Virtual Services
Multi-hypervisor
ESX, Hyper-V, OpenSource Hypervisors (KVM/
Xen)
• 
Hybrid Use Cases (Physical and Virtual)
VXLAN to VLAN GW
© 2010 Cisco and/or its affiliates. All rights reserved.
ASA 55xx
Any Hypervisor
vPath for traffic steering / service chaining
VSG, ASA 1000V (cloud-ready security),
vWAAS (application acceleration)
Physical
(VLAN)
Network
Tenant 1
Tenant 2
Tenant 3
Virtual Workloads
on VXLAN
Physical Workloads
on VLAN
Tenant 1: virtual workloads protected by virtual firewall
Tenant 2: virtual workloads protected by physical firewall (via VXLAN GW)
Tenant 3: virtual & physical workloads in same L2 domain (via VXLAN GW
Cisco Confidential
4
Cloud Portal
and Orchestration
vCloud
Director/
DynamicOps
WAAS
ASA 1000V
Computing Platform
Physical Network
VSG
NAM
NetScaler
Partners
vPath
L2-3
Hypervisor
CIAC/
OpenStack/
Partners
Citrix
CloudPlatform
Cloud Network Services
L4-7
Virtual Network
Infrastructure
System
Center
Nexus 1000V
vSphere
Hyper-V
XenServer
Multiple (vSphere,
KVM, Xen, open
source)
UCS
Unified Fabric (Nexus 2000 – 7000)
Storage Platform
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
5
Virtual Appliance
ASA 1000V
vWAAS
VSG
Nexus 1010
VSM
VSM
NAM
VSG
VSM
NAM
VSG
Primary
Secondary
VSM: Virtual Supervisor Module
VEM: Virtual Ethernet Module
VXLAN: Scalable Segmentation
VSG: Virtual Security Gateway
vWAAS: Virtual WAAS
ASA 1000V: Tenant-edge security
vPath
•  Service Binding (Traffic
Steering)
•  Fast-Path Offload
•  Service Chaining
© 2010 Cisco and/or its affiliates. All rights reserved.
Virtual Service Blades
L3 Connectivity
vPath: Virtual Service Data-path
VEM-1
vPath
VEM-2
VXLAN
VMware ESX
vPath
Virtual Supervisor Module (VSM)
Network Analysis Module (NAM)
Virtual Security Gateway (VSG)
Data Center Network Manager (DCNM)
VXLAN
VEM-3
VXLAN
Win Server 2012
vPath
VXLAN
•  16M address space for
LAN segments
Open Source Hyp •  Network Virtualization
(Mac-over-UDP)
Cisco Confidential
6
6
No-Cost Version
$695 per CPU MSRP
Nexus 1000V Essential Edition
Nexus 1000V Advanced Edition
The world’s most advanced virtual switch
Adds Cisco value-add features for DC and Cloud
•  Full Layer-2 Feature Set
•  All Feature of Essential Edition
•  Security, QoS Policies
•  VXLAN virtual overlays
•  VSG firewall bundled
(previously sold separately)
•  Full monitoring and
management capabilities
•  Support for Cisco TrustSec
SGA policies
•  vPath enabled Virtual Services
•  Platform for other Cisco DC
Extensions in the Future
Freemium Pricing Model Offers Flexibility for
Customers to Deploy Cisco Virtual Data Center
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
7
Virtual Extensible Local
Area Network (VXLAN)
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
8
Elastic Virtual
Workload
VM
VM
VM
VM
VM
VM
VM
VM
VM
New Workload
Exceeding Capacity
VM
VM
VM
VM
Layer 2
Mobility Across
Layer 3?
Layer 2
On Physical Server &
Network Infrastructure
Layer 3
© 2010 Cisco and/or its affiliates. All rights reserved.
How to Optimally
Leverage Physical
Infrastructure?
Cisco Confidential
9
Layer 2 (Pod 1)
VM 1
VLAN 10
VLAN 10
Layer 2 (Pod 2)
VM 2
VM 3
VLAN 10
Layer 3
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
10
10
Layer 2 (Pod 1)
VM 1
VXLAN
5500
Layer 2 (Pod 2)
VXLAN
5500
VM 3
VM 2
Layer 3
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
11
11
•  Tunnel between VEMs
VMs do NOT see VXLAN ID
•  Ethernet in IP overlay
network
Entire L2 frame encapsulated in
UDP
50 bytes of overhead
•  Include 24 bit VXLAN Identifier
16 M logical networks
Mapped into local bridge domains
•  IP multicast used for L2
broadcast/multicast, unknown
unicast
•  Technology submitted to IETF
for standardization
With VMware, Citrix, Red Hat, and
Others
•  VXLAN can cross Layer 3
Ethernet Frame
Outer
MAC
DA
Outer
MAC
SA
Outer
802.1Q
Outer
IP DA
Outer
IP SA
Outer
UDP
VXLAN ID
(24 bits)
Inner
MAC
DA
Inner
MAC
SA
Optional
Inner
802.1Q
Original
Ethernet
Payload
CRC
VXLAN Encapsulation
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
12
Logical Nework Spanning
Across Layer 3
VM
VM
VM
VM
VM
VM
VM
Utilize All Links in
Port Channel w/ UDP
Add More Pods to Scale
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
13
13
OpenStack
Nexus 1000V Quantum Plug-in
REST API
Nexus 1000V
VXLAN
vPath
ASA 1KV
VSG
VXLAN – VLAN
Gateway
Physical
(VLAN)
Network
ASA 55xx
Hypervisor
CSR 1KV
vWAAS
Virtual Services
Tenant 1
Tenant 2
Tenant 3
Virtual Workloads
(Overlay & Non-overlay)
© 2010 Cisco and/or its affiliates. All rights reserved.
Physical Workloads
* VXLAN GW & OpenStack Quantum support announced
Cisco Confidential
14
VXLAN 5500
VLAN 100
VLAN 200
L2 Domain A
Web
VM
L2 Domain C
L2 Domain B
VXLAN
Gateway
VXLAN
Gateway
Bare Metal
DB Server
VXLAN
Gateway
VXLAN
Gateway
ASA
5500
Layer 3
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
15
Rearchitected for Resiliency
& Scale
•  Migrating workload from
VSM to VEM
•  Loosely Coupled between
VSM and VEM
•  vMotion even when VSM is
disconnected from VEM
© 2010 Cisco and/or its affiliates. All rights reserved.
Target Scale
•  Veths/VSM: 16-32k
•  VEMs/VSM: 256-512
•  Veths/VEM: 300+
•  Active VLANs: 4,096
•  Active VXLANs: 16,384
Cisco Confidential
16
Overlay
Physical
Firewall
Gateway
Gateway
VM
Gateway
WAN
Router
Data Center
Network
•  Overlay: Instant provisioning
•  Overlay needs gateway to
access physical network
•  Physical network to support
overlay traffic pattern
Bare Metal Servers
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
17
Unprecedented Infrastructure Flexibility
Rack-Wide VM Mobility
DC-Wide VM Mobility
DC
DC
VLAN
VLAN
VLAN
POD
POD
POD
POD
VLAN
VXLAN
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
18
Enhanced VXLAN
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
19
•  Forwarding mechanisms
similar to Layer 2 bridge:
Flood and learn
‒  VEM learns VM’s source (MAC,
host) tuple
•  Broadcast, multicast, and unknown
unicast traffic
VM
VM
VM
VM
‒  VM broadcast, multicast, and unknown
unicast traffic is replicated for each host
having VMs in same VXLAN. Packet is
encapsulated with destination IP set to
the host’s VXLAN IP.
•  Unicast User
‒  Unicast packets are encapsulated
and sent directly (not through
multicast) to destination host
VXLAN IP (destination VEM)
© 2010 Cisco and/or its affiliates. All rights reserved.
VEM 1
VEM 2
Cisco Confidential
20
Broadcast/
Unknown
Unicast
VM
VM
VM
VM
VM
VM
VEM performs
replication and
encapsulation
No
multicast
needed
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
21
Broadcast/ARP
Requirement
VEM VTEP
Table
VXLAN
VM
VTEP
VXLAN
10.10.10.10
5000
VM
20.20.20.20
10.10.10.10
VTEP
10.10.10.10
5000
20.20.20.20
20.20.20.20
30.30.30.30
VEM learns
VXLAN/VTEP
VM
30.30.30.30
VEM VTEP
Table
VXLAN
VTEP
5000
10.10.10.10
20.20.20.20
30.30.30.30
© 2010 Cisco and/or its affiliates. All rights reserved.
30.30.30.30
Data
Center
Network
Nexus®
1000V VSM
VSM distributes
VXLAN/VTEP
Encapsulated
VEM has
packet
sent to
VXLAN
all
VTEPs
VTEP
list with
VXLAN 5000
VSM VTEP
Table
VXLAN
VSM learns
VXLAN/VTEP
from VEMs
5000
VTEP
10.10.10.10
20.20.20.20
30.30.30.30
Cisco Confidential
22
MAC Distribution
Security enhancement that
prevents malicious VMs
from causing ”unknown
unicast” broadcast storms
VEM learns all (VXLAN,
MAC)
from VSM
When VEM receives a MAC from
VM in a VXLAN, if MAC is not
found in the MAC table the frame
is dropped.
© 2010 Cisco and/or its affiliates. All rights reserved.
Local ARP
Termination
VEM terminates ARP locally for
VMs in VXLAN reducing ARP
broadcast traffic
VSM aggregates and distributes
(VXLAN, IP, MAC) entries to
VEMs
When VEM receives an ARP
request, VEM looks up the MAC/
IPDB for MAC address of host
VEM replies to ARP request with
MAC address of the destination
VM
Cisco Confidential
23
VEM IP / MAC
Table
VXLAN
VM1
a.a.a
VM2
VM3
b.b.b
c.c.c
M
d.d.d
IP/MAC
20.20.20.20
a.a.a
b.b.b
c.c.c
d.d.d
VSM
distributes
VXLAN/MAC
VSM IP / MAC
Table
5000
1000V VSM
© 2010 Cisco and/or its affiliates. All rights reserved.
MAC_X not
found in table.
Packet
dropped.
VXLAN
Nexus®
IP/MAC
a.a.a
b.b.b
c.c.c
d.d.d
5000
Data
Center
Network
Unknown
Unicast
Flood
Prevented
VEM IP / MAC
Table
VXLAN
10.10.10.10
5000
VM4
Malicious VM
Send
in VXLAN
unicast
5000 to
MAC_X
VSM learns
VXLAN/MAC
IP/MAC
a.a.a
b.b.b
c.c.c
d.d.d
Cisco Confidential
24
(192.1.1.1, a.a.a)
VEM IP / MAC
Table
VXLAN
(192.1.1.2, b.b.b)
VM1
VM2
VM3
IP/MAC
VEM IP / MAC
Table
VXLAN
10.10.10.10
5000
VM 3 ARP
request for
192.1.1.1
(192.1.1.3, c.c.c)
IP/MAC
20.20.20.20
(192.1.1.1, a.a.a)
5000
(192.1.1.1, a.a.a)
(192.1.1.1, b.b.b)
(192.1.1.1, b.b.b)
(192.1.1.1, c.c.c)
(192.1.1.1, c.c.c)
In this mode VEM
learns VXLAN / IP /
MAC
Data
Center
Network
No ARP
Broadcast
1000V VSM
192.1.1.1
found in
VXLAN 5000
VSM IP / MAC
Table
VXLAN
Nexus®
© 2010 Cisco and/or its affiliates. All rights reserved.
VSM distributes
VXLAN/ IP/
VEM ARP Reply
MAC
with VM1’s MAC
a.a.a
VSM
learns
VXLAN/
IP/ MAC
5000
IP/MAC
(192.1.1.1, a.a.a)
(192.1.1.1, b.b.b)
(192.1.1.1, c.c.c)
Cisco Confidential
25
VXLAN
(multicast
mode)
Enhanced
VXLAN
(unicast
mode)
Broadcast /
Multicast
Multicast
Encapsulation
Replication
plus
Unicast Encap
Replication
plus
Unicast Encap
Replication
plus
Unicast Encap
Unknown Unicast
Multicast
Encapsulation
Replication
plus
Unicast Encap
Drop
Drop
Known Unicast
Unicast
Encapsulation
Unicast Encap
Unicast Encap
Unicast Encap
ARP
Multicast
Encapsulation
Replication
plus
Unicast Encap
Replication
plus
Unicast Encap
VEM ARP Reply
VXLAN
Mode
Packet
Enhanced VXLAN Enhanced VXLAN
MAC Distribution ARP Termination
For your reference
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
26
Virtualized Network
Services
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
27
Virtual Service Nodes (VSN)
VM
Nexus
1000V
VEM
VM
VM
vPath
VM
VM
VM
Nexus
1000V
VEM
VM
vPath
VSN
VSN
Nexus
1000V
VEM
VSN
VSN
vPath
•  New flow is classified for VSN re-direction
•  Initial packet(s) re-directed to VSN
•  VSN installs a flow entry into vPath
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
28
VM
Nexus
1000V
VEM
VM
VM
vPath
VM
VM
Nexus
1000V
VEM
Production VMs
VM
VM
vPath
VSN
VSN
VSN
Nexus
1000V
VEM
VSN
vPath
Virtual Service Nodes
•  Service VMs placed with or separated from production VMs
•  VSN can provide network service to multiple vSphere servers
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
29
Scalable Acceleration in Virtual Ethernet Module
VM
Nexus
1000V
VEM
VM
VM
vPath
VM
VM
Nexus
1000V
VEM
Production VMs
VM
VM
vPath
VSN
VSN
VSN
Nexus
1000V
VEM
VSN
vPath
Virtual Service Nodes
•  Network service policy for subsequent packets in the flow are
enforced in VEM
•  Reduces traffic steering
•  VEMs are part of the network service: Scalable Acceleration in
hypervisor kernel
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
30
V
M
V
M
Nexus
1000V
VEM
V
M
Virtual
Security
Gateway
•  First Virtual Service Node leveraging
vPath
•  Trusted segmentation
Zone-based control and monitoring
•  Dynamic operation
vPath
On-demand provisioning
Security policy follows vMotioned VM
•  Non-disruptive administration for
Virtualization, Security, and
Network Teams
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
31
31
Data Center Segments / Lines of Business / Tenants
Web Zone
QA Zone
HR Zone
Application Zone
Development
Zone
Finance Zone
VDI Zone
Lab Zone
Manufacturing
Zone
Staging Zone
Partner Zone
R&D Zone
Cisco
VSG
Cisco
VSG
Cisco
VSG
Shared Computer Infrastructure
•  Zone-based access control
•  Granular, context based security policies (supports VM, custom and network
attributes)
•  Multi-tenancy support
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
32
32
Seamless Policy-Based VSG Management
V
M
V
M
V
M
V
M
V
M
V
M
V
M
V
M
V
M
Management/Orchestration tools
VM
Context
Security
Team
vCenter
Server
Team
VNMC
Port Profile
Nexus 1000V
Network
Team
Security Profile
•  Centralized mgmt of VSG & security profiles
•  Security team manages security
•  Architected for multi-tenancy, RBAC
•  XML API for automated provisioning
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
33
33

Rule

Destination
Condition
Source
Condition
Action
Attribute Type
Network
Condition
VM
User Defined
vZone
VM Attributes
Network Attributes
Operator
Operator
Instance Name
IP Address
eq
member
Guest OS full name
Network Port
neq
Not-member
gt
Contains
Guest OS Host name
Parent App Name
Cluster Name
Hypervisor Name
Resource-pool
Port Profile Name
Zone
Name
© 2010 Cisco
and/or its affiliates. All rights reserved.
lt
range
Not-in-range
Prefix
ACE: Access Control Entry
Cisco Confidential
34
34
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
35
35
Security Profile
Port-Profile
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
36
36
VM
VM VM
VM
VM
VM
VM
VM VM
VM
VM
VM VM
VM
VM
VM
VM
VM VM
VM
VM
VM VM
VM
VM
VM
VM
VM VM
VM
Database Servers
Dev Servers
Exchange Servers
VM
VM VM
VM
VM
VM
VM
VM VM
VM
VM
VM VM
VM
VM
VM
VM
VM VM
VM
VM
VM VM
VM
VM
VM
VM
VM VM
VM
QA Servers
Training Servers
R&D Servers
If vm-name contains “TRNG”, that VM belongs to TRNG zone
© 2010 Cisco and/or its affiliates. All rights reserved.
Source
Destination
Protocol
Action
Zone=TRNG
Zone=TRNG
Any
Permit
Any
Zone=TRNG
Any
Permit
Zone=TRNG
Any
Any
Drop
Cisco Confidential
37
Virtual Security
Gateway
ASA 1000V
Zone-based segmentation within
a tenant
Tenant edge security
Hypervisor
© 2010 Cisco and/or its affiliates. All rights reserved.
Nexus 1000V
VNMC
Cisco Confidential
38
38
•  Proven Cisco® security: virtualized
physical and virtual consistency
•  Collaborative security model
̶  Cisco Virtual Secure Gateway (VSG)
for intra-tenant secure zones
VMware vCenter
Cisco® Virtual Network Management Center (VNMC)
Tenant B
Tenant A
VDC
VDC
vApp
̶  Cisco ASA 1000V for tenant edge
controls
Cisco
VSG
•  Transparent integration
Cisco
VSG
vApp
̶  With Cisco Nexus® 1000V Switch and
Cisco vPath
•  Scale flexibility to meet cloud
demand
̶  Multi-instance deployment for scaleout deployment across the data
center
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco
VSG
Cisco
VSG
Cisco ASA
1000V
Cisco ASA
1000V
Cisco vPath
Cisco Nexus® 1000V
Hypervisor
Cisco Confidential
39
VSG & ASA 1000V
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
Nexus 1000V
Distributed Virtual Switch
Initial Packet
Flow
© 2010 Cisco and/or its affiliates. All rights reserved.
vPath
(policy evaluation)
VSG
ASA
1000
V
ASA in line
Cisco Confidential
40
40
VSG & ASA 1000V
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
Nexus 1000V
Distributed Virtual Switch
VSG
vPath
ASA
1000V
Rest of the flow
© 2010 Cisco and/or its affiliates. All rights reserved.
ASA in line
(policy
downloaded)
Cisco Confidential
41
41
VXLAN 101
VXLAN 5001
VM
VM
VM
Nexus 1000V
Distributed Virtual Switch
VM
vPath
•  Deployment- VMs and Virtual Service Nodes,
ASA 1000V, VSG, vWAAS etc, on VXLANs
•  Same VSG can protect VMs on multiple VXLANs
with overlapping IP addresses
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
42
42
Shipping
Cloud-ready WAN Optimization
FEATURES
Virtual WAAS “Appliances”
  Allows Agile, Elastic, & Multi Tenant
Deployment
  Supports DRE Cache in SAN
  Policy-based Provisioning w/ Nexus 1000V
ESX ESXi Hypervisor w/
Nexus 1000
  Extends WAAS Solution Portfolio
vPath
BUSINESS BENEFITS
UCS /x86 Servers
  Business Agility with on-demand
orchestration
  Lower operational cost, reduced migration
risk
Virtual WAAS
Stand-alone or with N1KV/vPath
© 2010 Cisco and/or its affiliates. All rights reserved.
  Fault-tolerance with VM mobility awareness
Cisco Confidential
43
Shipping
VM
Boundary
of
network
visibility
VM
VM
VM
Nexus
1000V
VEM
Server
vSphere
Server
Server
Release 5.1(2)
NetFlow
ERSPAN
Cisco Prime
NAM for Nexus
1010
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
44
Can be deployed by Enterprises or Cloud Providers
Enterprise A
Cloud Provider’s Data Center
DC
CSR
1000
V
•  Secure VPN
Gateway
•  L3 Extension
ASR
Branch
MPLS
Enterprise B
Tenant A
The image
cannot be
displayed.
Your
computer
may not
have
enough
memory to
open the
image, or
the image
ISR
WAN Switches
Router
Cloud Provider Use
Cases
Servers
Internet
Branch
ISR
© 2010 Cisco and/or its affiliates. All rights reserved.
Enterprise Use
Cases
CSR
1000
V
•  Secure VPN Gateway
•  MPLS Extension
Tenant B
Physical
Infrastructure
Virtual
Infrastructure
Cisco Confidential
45
Nexus 1000V InterCloud
Secure Hybrid Cloud
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
46
N1KV Switching
ASA Firewall
IOS Routing
Crypto Secure
Private Cloud
Tenant B
Virtual Private Cloud
Secure Hybrid Cloud = Securely Connect Enterprise Private Cloud and Provider Public Cloud
Use Cases
Workloads
Requirements
•  Bursting
•  Dev/QA
•  Network consistency
•  Disaster recovery/avoidance
•  Intern/Partner VDI
•  Security consistency
•  Upgrade/migration
•  Training Apps
•  Policy consistency
•  Initially low-value workloads
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
47
Securely Extend Enterprise Environment into
Provider Cloud
VNMC
InterCloud
VM Manager Integration
L2 Virtual
Private Cloud
VV
MM
VV
MM
VV
MM
Nexus1000V /
N1KV
vSwitch
Provider Cloud API Intg.
Other
Tenants
N1KV InterCloud
InterCloud
Nexus Switching | IOS Routing | Network Services
Secure
Enterprise-Grade Crypto and Firewalling within &
across clouds
Simple
Transparent Application Migration; Centralized
Management
Flexible
© 2011 Cisco and/or its affiliates. All rights reserved.
Choice of Provider Clouds and
Hypervisors
Cisco Confidential
48
ENTERPRISE CLOUD
PROVIDER CLOUD
VPC
VM VM VM
VM VM
VM VM VM
N1KV InterCloud
VM VM VM
N1KV
InterCloud
CSR
1000V
ASR
1K/9K
ISR
G2
Remote User
© 2012 Cisco and/or its affiliates. All rights reserved.
BRANCH OFFICE
Cisco Confidential
49
•  Nexus 1000V is the foundation for full portfolio of
virtualized network machine networking
Nexus 1000V, CSR 1000V, Full portfolio of virtualized
network services
•  Enhanced VXLAN to ease and scale virtual overlay
•  vPath supporting variety of virtualized network
services
ASA 1000V, Virtual Security Gateway, NAM, vWAAS,
Imperva WAF, Citrix VPX
Cisco Confidential
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Highly Confidential
50
Thank you.
Related documents
10_2_1_2 Worksheet - Answer Security Policy Questions
10_2_1_2 Worksheet - Answer Security Policy Questions
WWW+Internet+networking - Edulink
WWW+Internet+networking - Edulink
Download
advertisement